This documentation applies to Codacy Self-hosted v4.2.0

For the latest updates and improvements, see the latest Cloud documentation instead.

API tokens

The Codacy API tokens allow you to:

• Authenticate when using the Codacy API

• Upload coverage data or upload the results of running local analysis to Codacy

Codacy provides two types of API tokens:

• Account API tokens are defined at the Codacy user account level. Each account API token authorizes access to the same organizations and repositories as the owner of the account.

• Project API tokens are defined on individual repositories. Each project API token only authorizes access to the corresponding repository.

The sections below provide detailed instructions on how to generate and revoke API tokens.

Warning

Never write API tokens on your configuration files and keep your API tokens well protected, as they grant owner permissions to your projects on Codacy.

We recommend that you set API tokens as environment variables. Check the documentation of your CI/CD platform on how to do this.

Generating and revoking account API tokens

To generate an account API token:

1. Open your account, tab Access management.

2. Click the button Create API token.

   

To revoke an account API token, click the cross next to the token. After this, all applications or services using that token to access the Codacy API will fail to authenticate and will receive the reply {"error":"not found"}.

Tip

You can create multiple account API tokens. This can be useful to have a more flexible control by revoking only a specific token.

Generating and revoking project API tokens

To generate a project API token:

1. Open your repository Settings, tab Integrations.

2. Click the button Add integration and add a Project API integration.

3. Click the button Settings on the Project API integration and copy the project API token.

   

To revoke a project API token, click the trash can icon for the corresponding Project API integration. After this, all applications or services using that token to access the Codacy API will fail to authenticate and will receive the reply {"error":"not found"}.

Tip

You can create multiple project API tokens. This can be useful to have a more flexible control by revoking only a specific token.

See also

• Adding coverage to your repository
• Running local analysis
• Client-side tools

Share your feedback 📢

Did this page help you?

Yes No

Thanks for the feedback! Is there anything else you'd like to tell us about this page?

Send 255 characters left

We're sorry to hear that. Please let us know what we can improve:

Send 255 characters left

Alternatively, you can create a more detailed issue on our GitHub repository.

Thanks for helping improve the Codacy documentation.

If you have a question or need help please contact support@codacy.com.

Last modified June 11, 2021